Open Source
Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!
npm passes the 1 millionth package milestone! What can we learn?
June 4th is a historic date. Not only is it our very own Liran Tal’s birthday (Mazal Tov, Liran!) but it is also the date that the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages. The core component of npm is its public registry, hosting JavaScript packages […]
CRLF injection found in popular Python dependency, urllib3
On April 18, 2019, a CRLF injection vulnerability was found in the popular Python library urllib3. The urllib3 library is an HTTP client for Python that includes valuable features such as thread safety, connection pooling, client-side SSL/TLS verification, and more. It is used widely in the Python ecosystem, including within requests, another popular library. In […]
JVM Ecosystem Survey 2019
We’re excited to launch the new JVM Ecosystem Survey 2019. The goal of this survey is to understand the lay of the land across the entire JVM ecosystem and Java in particular. Once we get all of your wonderful responses we’re going to turn them into a beautiful report that you can read, print out, turn […]
190,000 users affected by Docker Hub’s security breach. Now what?
Docker Hub may have reset your account details if it detected that your account was part of the breach. What could potentially happen? What should I do to protect my code?
How much do we really know about how packages behave on the npm registry?
How many packages on npm can be considered abandoned? How many packages are connected to each other? Let's explore npm - today’s biggest open source package registry!
Shifting Docker security left
As more organizations create, distribute and use Docker containers, the risk of security vulnerabilities grows. Docker images are largely built on top of other images, meaning a vulnerability in one image is also present in every image that builds on it. The wide adoption of Docker comes at a price — a single vulnerability can be widely spread and have major impact.
The top two most popular Docker base images each have over 500 vulnerabilities
Welcome to the Docker security report “Shifting Docker security left”. This report is split into several posts: “Shifting Docker security left”, “The top two most popular Docker base images each have over 500 vulnerabilities”, “80% of developers are not addressing Docker security”, and “Take actions to improve security in your Docker images”. Or download our lovely […]
80% of developers are not addressing Docker security
Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: “Shifting Docker security left”, “The top two most popular Docker base images each have over 500 vulnerabilities”, “80% of developers are not addressing Docker security”, and “Take actions to improve security in your Docker images”. Or download our lovely […]
Take actions to improve security in your Docker images
Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: “Shifting Docker security left”, “The top two most popular Docker base images each have over 500 vulnerabilities”, “80% of developers are not addressing Docker security”, and “Take actions to improve security in your Docker images”. Or download our lovely handcrafted […]
After three years of silence, a new jQuery prototype pollution vulnerability emerges once again
On March 26th, 2019, almost three years after the last jQuery security vulnerability was disclosed, we learned about a new security vulnerability affecting the same popular jQuery frontend library. This vulnerability, referred to as prototype pollution, enables attackers to overwrite the prototype of a JavaScript application object. When that happens, properties that are […]
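As an added example (not jQuery’s code, and not a reproduction of the disclosed bug), the constructed snippet below shows the general shape of a prototype pollution sink: a recursive merge that trusts attacker-supplied keys, next to a hardened merge that refuses the keys which reach the prototype chain. The payload, function names and the `isAdmin` property are illustrative assumptions.

```javascript
// Added example (not jQuery's code): a recursive "extend"-style merge that
// becomes a prototype pollution sink, and the checks that close it.
// ATTACKER_JSON is a constructed sample payload of the shape an attacker would
// send to any endpoint whose request body is merged into a config object.
const ATTACKER_JSON = '{"__proto__": {"isAdmin": true}}';

// Vulnerable: copies every enumerable key of src into dst, recursing into objects.
// JSON.parse makes "__proto__" an OWN property of src, so for...in yields it;
// reading dst["__proto__"] on a plain object returns Object.prototype, which then
// becomes the merge target. Every object in the process gains an "isAdmin" property.
function unsafeMerge(dst, src) {
  for (const key in src) {
    const value = src[key];
    if (value !== null && typeof value === 'object') {
      if (dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      unsafeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Hardened: iterate own keys only, refuse the three names that reach the
// prototype chain, and create nested targets with Object.create(null) so the
// recursion never lands on an object that has a prototype to pollute.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge prototype-reaching key: ${key}`);
    }
    const value = src[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(dst, key) ||
          dst[key] === null || typeof dst[key] !== 'object') {
        dst[key] = Object.create(null);
      }
      safeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Runs the payload through unsafeMerge, records what an unrelated object now
// sees, then undoes the pollution so the rest of the process is unaffected.
function demoUnsafe() {
  const unrelated = {};
  unsafeMerge({}, JSON.parse(ATTACKER_JSON));
  const leaked = unrelated.isAdmin;   // true: the write reached Object.prototype
  delete Object.prototype.isAdmin;    // clean up the global side effect
  return leaked;
}

// Runs the same payload through safeMerge: the key is rejected and nothing leaks.
function demoSafe() {
  const unrelated = {};
  let rejected = false;
  try {
    safeMerge({}, JSON.parse(ATTACKER_JSON));
  } catch (e) {
    rejected = true;
  }
  return { rejected, leaked: unrelated.isAdmin };
}

console.log('unsafeMerge leaked isAdmin to an unrelated object:', demoUnsafe());
console.log('safeMerge outcome:', demoSafe());
```

The key-blocklist is the minimum fix; a library that must accept arbitrary keys should additionally merge into null-prototype objects or a `Map`, since `constructor.prototype` is a second route to the same target.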
Cheat sheet: 10 Bitbucket security best practices
In this cheat sheet we’ll cover how you can be more secure as a Bitbucket user or contributor. Some of it is specific to Bitbucket, but much of it also applies to other Git and non-Git repositories. So let’s get started with our list of 10 Bitbucket […]